CVSS3
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Percentile: 79.7%
Node.js open source library used by IBM Db2® Graph is affected by vulnerability CVE-2022-43548. The fix updates Node.js to 18.12.1.
CVEID: CVE-2022-43548
**DESCRIPTION:** Node.js could allow a remote attacker to execute arbitrary commands on the system, caused by an insufficient IsAllowedHost check. By sending a specially-crafted DNS request using an invalid octal address, an attacker could exploit this vulnerability to conduct a DNS rebinding attack and execute arbitrary commands on the system.
CVSS Base score: 8.1
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/241552 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
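A strict host check of the kind the description calls insufficient, as an added example (not Node.js or IBM code). The function names, the lax variant and the sample Host values are constructed for illustration, and IPv6 literals are out of scope.

```javascript
// Added illustration; not Node.js source. All names here are hypothetical.

// Lax check (constructed): anything made of digits and dots counts as an
// IP literal, so a string with an invalid octal octet such as "08" passes.
function laxIsIPv4(host) {
  return /^[0-9.]+$/.test(host);
}

// Strict check: exactly four decimal octets in 0-255 with no leading zeros.
// Leading zeros are rejected because parsers disagree on whether they mean
// octal, decimal, or "not an address, resolve it through DNS".
function strictIsIPv4(host) {
  const parts = host.split(".");
  if (parts.length !== 4) return false;
  return parts.every(
    (p) => /^(0|[1-9][0-9]{0,2})$/.test(p) && Number(p) <= 255
  );
}

// Drop an optional ":port" suffix from a Host header value (IPv4 or name).
function hostOnly(hostHeader) {
  const i = hostHeader.lastIndexOf(":");
  return i === -1 ? hostHeader : hostHeader.slice(0, i);
}

// Accept only "localhost" or a genuine IP literal. A Host value that needs a
// DNS lookup can be re-pointed by whoever controls the name, which is what
// DNS rebinding relies on; an IP literal cannot.
function isAllowedHost(hostHeader, isIPv4 = strictIsIPv4) {
  const host = hostOnly(hostHeader).toLowerCase();
  if (host === "localhost") return true;
  return isIPv4(host);
}

// Constructed sample Host header values, compared under both checks.
function compareChecks() {
  const samples = ["127.0.0.1:8080", "localhost", "192.0.2.08:8080", "example.test:8080"];
  return samples.map((h) => ({
    host: h,
    lax: isAllowedHost(h, laxIsIPv4),
    strict: isAllowedHost(h, strictIsIPv4),
  }));
}

console.log(compareChecks());
```

Only the `192.0.2.08:8080` sample differs between the two checks: the lax variant accepts it as an address, while the strict one refuses it.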
All platforms of the following IBM® Db2® Graph levels are affected:
Affected Product(s) | Version(s) |
---|---|
Db2 Graph | 1.0.0.592-1.0.0.1353 |
IBM strongly recommends addressing the vulnerability now by upgrading to the latest IBM® Db2® Graph release containing the fix for these issues.
Product(s) | Fixed in Version(s) |
---|---|
Db2 Graph | 1.0.0.1477-amd64, 1.0.0.1514-amd64, latest-amd64, 1.0.0.1477-ppcle, 1.0.0.1514-ppcle, latest-ppcle, 1.0.0.1477-s390x, 1.0.0.1514-s390x, latest-s390x |
Follow the instructions below to set up IBM Db2 Graph:
<https://www.ibm.com/docs/en/db2/11.5?topic=graph-setting-up-db2>
None